These clients are able to work when they first get the connection going, it almost seems like the connection is dropped from possible inactivity? I have in my firewall rules allowed all incoming traffic from their remote office to our network, and traffic is passing through... but what the heck woul...

Service port for pptp is enabled. SHould I specify a port for it? or just leave it alone. IPSec nodes should have NAT-T support enabled to get through IPSec traffc over NAT. I had seen somewhere that mt does not support nat-t. Is there a way for me to add a different nat rule for these specific clie...

I had searched quite a few posts before posting here and did not really find a good answer as to what I can fix to correct this issue. All Mikrotik Routers are RB532A models running OS 3.24 with ospf routing enabled between remote subnets. 2 Mikrotiks are connected to public ip addresses on ether1 p...

Thanks normis,
but I can actually telnet into those ports, even from addresses on my BlockList. No services are running on these ports that I have, but it still seems quite strange.

I am doing an nmap intense scan and it still returns those 4 ports listed in my first post as being filtered open. I can still telnet into each port also. Discovered open port 25/tcp on xx.xx.xx.xx Discovered open|filtered port 25/tcp on xx.xx.xx.xx (xx.xx.xx.xx) is actually open Discovered open por...

I wouldn't think so, these are my only NAT rules [admin@mt-router] > ip firewall nat pr Flags: X - disabled, I - invalid, D - dynamic 0 ;;; NAT chain=srcnat action=masquerade src-address=10.10.10.0/24 out-interface=ether1 1 ;;; VPN chain=dstnat action=netmap to-addresses=10.10.10.10 to-ports=60000 p...

I am doing testing against one of my routers using nmap. My firewall config adds ports scanners to a drop list and does appear to be dropping packets quickly after the scan is initiated but nmap continues to return these results: xx.xx.xx.xx is a public ip address Discovered open port 25/tcp on xx.x...

On R1, changed the outgoing interface to be ether1 for the masquerade nat rule. Logged into R2 and tried to ping 64.233.167.104 (google) and still got a no route to host. From R2 I can ping 192.168.1.1 From a pc behind R2 on the 10.10.10.0 LAN, I can ping 192.168.1.1 also, but nothing public (which ...

This is the Firewall for router R1: [admin@CLYCLPTEST] > ip firewall filter pr Flags: X - disabled, I - invalid, D - dynamic 0 ;;; Drop Public Broadcast Traffic chain=input action=drop dst-address-type=broadcast,multicast in-interface=ether1 1 X ;;; Disable Open Proxy chain=input action=drop src-add...

I feel dumb for asking this since it would seem simple enough. I have a small LAN that I was brought into that is an existing /24 network with ip addresses used up all over this space that I cannot change at this time to make subnetting easier. We are joining a new small dept to this LAN as a subnet...

Thanks for the reply. That does make sense and the thought crossed my brain that I may have needed to do more. I will give that a try, if adding two vlan's and using those works, I will do just that.

I will post back soon after this is tested.

Thanks again for your time.

I am setting up a vlan using a mikrotik RB500 router running v3.10 and a netgear FS726T managed switch. The switch supports vlans (802.1Q and Port Based) The router is setup using nat with ether1 connected to the wan and ether2 connected to the lan. The vlan is setup on the ether2 interface like thi...

Seems that way. Can this be confirmed by anyone at MT? I am looking intently at each version update's changelog to see if there has been any progress made with OpenVPN support or bug fixes, but so far I haven't seen anything.

Bump.

I have not been able to use OpenVPN with MT as a server and the OpenVPN GUI running on WIndows using TCP reliably. I am able to keep it running with no issues when transferring small amounts of data of the vpn connection, but tranferring files from my remote station to my server causes OpenVPN to ti...

First time setting up a hotpsot for use with paypal, have been at it for a few days now and I have been encountering this exact problem also. Account is created with no credits, username/password verified, paypal transaction works too. As the user tries to logon, "Invalid username or password&q...

Attached is a small console app written in C# that I wrote to this: just pass is the pc MAC Address you want to wake and it handles the rest. This requires the .Net framework 2.0 to be installed also.

Can you provide a bit of a description as to what the "Hardware Retries" feature does? I have a few devices that hopefully will benefit from this fix, and I would just like to understand a bit more about what is actually happening with it.

Thanks,

A bit more info: The blacked out ip in the picture from my 1st post is the router where our Dude server sits behind. When I login to a device through the Dude, it comes from the same ip. My biggest issue is why there are so many logins. Would the Dude be trying to perform some action that would caus...

Under /ip services we had changed all the service ports and we access our routers through our custom ports. 43 of our routers have public ip addresses on them, and until we changed the service ports we saw lots ssh login attacks etc... same as most people's complaints. We use firewall rules similiar...

Recently we have been seeing multiple login attempts through Winbox in our log: Most of these attempts are successful but last just a second before logging out. (See attached Image) Is this something with the Dude? It is not happening on all devices, just a random few it seems. It looks like every 2...

Our current setup has an ap directly connected to fiber on Ether1. We are also using broadband-over-powerline devices as customer devices, and a bridged wireless setup currently while we are still deploying fiber throughout out network. Ether1 has a Public IP: XX.XXX.XX.XXX The bridge and all custom...

Not really a scripting question: We have other devices that we use besides Mikrotik (Corinex AV200's) that require the use a Telnet to login to them. We use putty to login to them but we have to load a saved session every time and change the ip since these devices require that the "Implicit CR ...

I was trying to drop most of my inbound traffic except for remote admin connections and came across a method that worked, but I wondered if it was inefficient or prone to flaws: Mangle: ;;;SSH From Admin MAC Address chain=prerouting protocol=tcp dst-port=22 src-mac-address=xx:xx:xx:xx:xx:xx action=m...